CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18913
https://notcve.org/view.php?id=CVE-2018-18913
21 Mar 2019 — Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed. Opera, en v... • https://blogs.opera.com/desktop/changelog-for-57 • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6908
https://notcve.org/view.php?id=CVE-2016-6908
26 Jan 2017 — Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as "/", "?" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for... • http://www.securityfocus.com/bid/92701 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •